PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.
parent
24d0524f31
commit
6a662a45f3
1 changed files with 11 additions and 9 deletions
20
ssl/d1_pkt.c
20
ssl/d1_pkt.c
|
@ -369,13 +369,13 @@ dtls1_process_record(SSL *s)
|
|||
enc_err = s->method->ssl3_enc->enc(s,0);
|
||||
if (enc_err <= 0)
|
||||
{
|
||||
if (enc_err == 0)
|
||||
/* SSLerr() and ssl3_send_alert() have been called */
|
||||
goto err;
|
||||
|
||||
/* otherwise enc_err == -1 */
|
||||
al=SSL_AD_BAD_RECORD_MAC;
|
||||
goto f_err;
|
||||
/* decryption failed, silently discard message */
|
||||
if (enc_err < 0)
|
||||
{
|
||||
rr->length = 0;
|
||||
s->packet_length = 0;
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifdef TLS_DEBUG
|
||||
|
@ -616,10 +616,12 @@ again:
|
|||
|
||||
/* If this record is from the next epoch (either HM or ALERT),
|
||||
* and a handshake is currently in progress, buffer it since it
|
||||
* cannot be processed at this time. */
|
||||
* cannot be processed at this time. However, do not buffer
|
||||
* anything while listening.
|
||||
*/
|
||||
if (is_next_epoch)
|
||||
{
|
||||
if (SSL_in_init(s) || s->in_handshake)
|
||||
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
|
||||
{
|
||||
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
|
||||
}
|
||||
|
|
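Review bot: In the first hunk of dtls1_process_record, only the `enc_err < 0` branch clears `rr->length` and `s->packet_length` before `goto err`, so a record rejected with `enc_err == 0` leaves both fields set; if the caller treats every failure here as a dropped record, clear them for both cases by placing `rr->length = 0; s->packet_length = 0; goto err;` directly under `if (enc_err <= 0)`. The new comment `/* decryption failed, silently discard message */` also covers the `enc_err == 0` case, which the removed comment described as having already called SSLerr() and ssl3_send_alert(), so the discard is not silent on that path. I would have the comment name both return values, for example `/* enc_err == 0: enc() already reported the error; enc_err < 0: decryption failed, drop the record without an alert */`. The MAC check and the `err:` label are outside the hunk, so it cannot be confirmed from here whether a MAC failure is dropped in the same way, which matters if the two failure kinds are meant to look identical to a peer.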